KEY FINDINGS

After scanning [customer]'s networks and running correlations between key data sets, the following are the highest priority issues to be addressed:

Undetected Malicious Code on Network
Undetected malicious code in the form of exploit kits exists on a number of clients and web servers in the [customer] network.

Applications with a High Number of Exploits Found on Network
Applications on the network are introducing significant business risk.

Critical Vulnerabilities
Administrators do not possess the business intelligence to keep pace with and determine critical vulnerabilities in the rapidly changing threat landscape.

Highest Value Feed
Using the sample Enterprise data provided, iSIGHT Partners threat intelligence produced the highest number of IOC matches.

METHODOLOGY

IKANOW cyber security analysts conducted a sample threat visibility and vulnerability assessment for <Sample Customer> using the IKANOW Threat Analytics Platform. Built on leading open source big data technologies, the IKANOW platform provides visibility and control over private and open source threat intelligence feeds and enables the analysis of this intelligence against any Enterprise data source.

This report summarizes the results of the proof-of-concept. Beyond this, the report provides specific results from a discrete set of analytics that demonstrate the capabilities of the IKANOW Threat Analytics Platform. The report closes with a more detailed overview of the solution and recommended actions.

EXPLOIT KIT HIGHLIGHT: NEUTRINO AND ANGLER

Neutrino Exploit Kit
Key Points: Fraudulent websites; Code injection; Installs malicious software
Ranking: N/A

Neutrino Exploit Kit is malicious code present on fraudulent websites or illegally injected into legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities in applications installed on your computer in order to install malicious and unwanted software that compromises the security of all data on the affected PC. Neutrino Exploit Kit currently has no ranking (N/A) in the world of online malware.

Angler Exploit Kit
Key Points: Zero day; Web application; Web browser vulnerability; Installs malicious software; Installs through infected links and attachments
Ranking: 5938

The Angler Exploit Kit is a more advanced version of the Blackhole Exploit Kit, enabling zero days and other intrusion methods. The Blackhole Exploit Kit Detection is a web application that takes advantage of a vulnerability in a web browser in order to hack computers via malicious scripts planted on compromised websites that remotely attack your computer. Surfing to a website with browser exploits may result in unwanted software (see also Trojan Horse) being downloaded to your computer. These types of threats invade a PC with the help of infected links, websites and attachments, among others. Blackhole Exploit Kit Detection is currently ranked 5938 in the world of online malware. A current definition of the Angler Exploit Kit is not available on AVG Threat Labs.

IOC CHAIN OF EVENTS

The chain of events below occurred on March 31st, between 10:00 AM and 2:00 PM, with enterprise hosts being directed to exploit kit landing pages through malicious s, malicious websites, or compromised sites.

- Command and Control Server (C2) IP
- Command and Control Server (C2) IP (v vps.mcdir.ru, v vps.mcdir.ru, v vps.mcdir.ru)
- Command and Control Server (C2) IP (cz.gigabit.perfectprivacy.com)
- Command and Control Server (C2) IP
- Command and Control Server (C2) IP
- Command and Control Server (C2) IP (apple.destinatech.uk)

HIGH RISK APPLICATIONS ON NETWORK

The IKANOW Threat Analytics Platform extracted a list of applications running on the network from the supplied Enterprise data sources and compared these against threat intelligence and vulnerability databases to identify the applications with the greatest number of exploits associated with them.

Application          Technology   Number of Exploits
Oracle JAVA          Client       30
Adobe Flash          Client       28
Internet Explorer    Client       20
Mozilla Firefox      Client       15
Microsoft Office     Client       10

Recommendations:
- Non-compliant applications should be removed from the network in order to reduce the attack surface.
- All hosts running high risk applications should be identified and audited to ensure they have not been compromised and to determine whether they are vulnerable to any of the exploits identified.
- Firewalls, Intrusion Prevention and Anti-Malware systems should be updated to improve the organization's security posture relative to the risk associated with these applications.
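The ranking above is the output of joining an application inventory against a vulnerability database and counting the exploits that apply to the versions actually installed. The script below is an added illustration of that join, not IKANOW's code; the host inventory, the vulnerability records (ids marked VULN-PLACEHOLDER-*, not real CVEs), the "first fixed version" values and the "public exploit" flags are all constructed. It ranks applications by distinct applicable public exploits and by the number of hosts exposed, and produces the per-host audit list the recommendations call for.

```python
"""Rank installed applications by applicable public exploits and list hosts to audit.
Added illustration: inventory and vulnerability data below are constructed."""
from collections import defaultdict

# Constructed host inventory: hostname -> {application: installed version}
INVENTORY = {
    "ws-001": {"Oracle Java": "7.0.45", "Adobe Flash": "16.0.0.257",
               "Internet Explorer": "11.0.9600"},
    "ws-002": {"Oracle Java": "8.0.60", "Mozilla Firefox": "38.0"},
    "ws-003": {"Adobe Flash": "18.0.0.203", "Microsoft Office": "14.0"},
    "srv-web-01": {"Oracle Java": "7.0.45"},
}

# Constructed vulnerability records (placeholder ids, NOT real CVEs):
# application -> [(vuln_id, first fixed version, public exploit available)]
VULNS = {
    "Oracle Java": [("VULN-PLACEHOLDER-J1", "7.0.51", True),
                    ("VULN-PLACEHOLDER-J2", "8.0.65", True),
                    ("VULN-PLACEHOLDER-J3", "8.0.65", False)],
    "Adobe Flash": [("VULN-PLACEHOLDER-F1", "17.0.0.134", True),
                    ("VULN-PLACEHOLDER-F2", "18.0.0.209", True)],
    "Internet Explorer": [("VULN-PLACEHOLDER-I1", "11.0.9700", True)],
    "Mozilla Firefox": [("VULN-PLACEHOLDER-M1", "38.0", False)],
}


def parse_version(version):
    """'7.0.45' -> (7, 0, 45); tuples compare component-wise, unlike strings."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def applicable_exploits(app, version):
    """Ids of public exploits affecting this installed version (older than first fix)."""
    installed = parse_version(version)
    return [vid for vid, fixed, public in VULNS.get(app, [])
            if public and installed < parse_version(fixed)]


def rank_applications(inventory=INVENTORY):
    """Rows of (application, distinct applicable exploits, exposed hosts), highest risk first."""
    exploits = defaultdict(set)   # app -> distinct applicable exploit ids
    exposed = defaultdict(set)    # app -> hosts running an exploitable version
    for host, apps in inventory.items():
        for app, version in apps.items():
            ids = applicable_exploits(app, version)
            exploits[app].update(ids)   # creates the key even when nothing applies
            if ids:
                exposed[app].add(host)
    return sorted(((app, len(exploits[app]), len(exposed[app])) for app in exploits),
                  key=lambda row: (-row[1], -row[2], row[0]))


def hosts_to_audit(inventory=INVENTORY):
    """host -> {application: [exploit ids]} for every host exposed to at least one exploit."""
    audit = {}
    for host, apps in inventory.items():
        findings = {}
        for app, version in apps.items():
            ids = applicable_exploits(app, version)
            if ids:
                findings[app] = ids
        if findings:
            audit[host] = findings
    return audit


if __name__ == "__main__":
    for app, n_exploits, n_hosts in rank_applications():
        print(f"{app:20} exploits={n_exploits} exposed_hosts={n_hosts}")
    for host, findings in hosts_to_audit().items():
        print(host, findings)
```

Counting distinct exploit ids rather than raw host/exploit pairs keeps one widely deployed application from dominating the ranking; the exposed-host count is kept as a separate column so that a small number of exploits on many hosts still stands out during the audit.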

THREAT INTEL VALUE

The table below compares the existing threat intelligence sources utilized by <Sample Customer>. APT Alerts displays the number of alerts associated with a known hacking group from the contextual information provided with IOCs. Exploit Kit Alerts displays the number of alerts which are attributed to known Exploit Kits. General Alerts displays the number of alerts generated from open source or paid threat feeds which do not currently have known associations to APT groups or specific malware families.

Threat Feed              APT Alerts   Exploit Kit Alerts   General Alerts   Related CVE(s)
isight
Symantec DeepSight
Aggregated Open Source

Recommendations:
- Continue to measure the value of each threat intelligence feed over time based on the quantity and quality of the data and the availability of the source.
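The feed comparison above is produced by matching each feed's indicators against enterprise logs and attributing every match back to the feed and the context (APT group, exploit kit, or none) that came with it. The script below is an added example of that measurement, not IKANOW's code or its feed format; the three feeds, their indicators (reserved .invalid domains and TEST-NET addresses), the CVE and group names marked PLACEHOLDER, and the proxy log lines are all constructed. Beyond the table's three columns it also counts how often a feed was the only one to fire on a line, which is one way to capture the "quality" part of the recommendation.

```python
"""Score threat intelligence feeds by IOC matches against enterprise proxy logs.
Added illustration: feeds, indicators and log lines are all constructed."""
import re
from collections import defaultdict

# Constructed indicators: (value, type, feed, category, context, related CVEs)
# category is "apt", "exploit_kit" or "general" (no known association)
INDICATORS = [
    ("ek-landing.invalid", "domain", "feed-A", "exploit_kit", "Angler", ("CVE-PLACEHOLDER-1",)),
    ("203.0.113.7", "ip", "feed-A", "exploit_kit", "Angler", ("CVE-PLACEHOLDER-1",)),
    ("c2-one.invalid", "domain", "feed-A", "apt", "GROUP-PLACEHOLDER-1", ()),
    ("c2-one.invalid", "domain", "feed-B", "general", None, ()),
    ("198.51.100.23", "ip", "feed-B", "general", None, ("CVE-PLACEHOLDER-2",)),
    ("neutrino-gate.invalid", "domain", "feed-C", "exploit_kit", "Neutrino", ()),
    ("benign-cdn.invalid", "domain", "feed-C", "general", None, ()),
]

# Constructed proxy log lines in a simple key=value format
LOG_LINES = """\
2015-03-31T10:04:11Z src=10.0.5.21 dst_host=ek-landing.invalid dst_ip=203.0.113.7 action=allow
2015-03-31T10:04:13Z src=10.0.5.21 dst_host=update.vendor.invalid dst_ip=192.0.2.10 action=allow
2015-03-31T11:37:02Z src=10.0.5.42 dst_host=c2-one.invalid dst_ip=198.51.100.23 action=allow
2015-03-31T13:58:40Z src=10.0.7.9 dst_host=neutrino-gate.invalid dst_ip=203.0.113.88 action=block
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")
PRIORITY = {"apt": 0, "exploit_kit": 1, "general": 2}   # most specific context first


def parse_line(line):
    """Split a log line into its timestamp and key=value fields."""
    ts, rest = line.split(" ", 1)
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def match_line(fields, indicators=INDICATORS):
    """Indicator records whose value appears in the log field of matching type."""
    hits = []
    for ind in indicators:
        value, kind = ind[0], ind[1]
        field = "dst_host" if kind == "domain" else "dst_ip"
        if fields.get(field) == value:
            hits.append(ind)
    return hits


def score_feeds(lines=LOG_LINES, indicators=INDICATORS):
    """Per feed: alert counts by category, related CVEs, and lines only this feed caught."""
    stats = defaultdict(lambda: {"apt": 0, "exploit_kit": 0, "general": 0,
                                 "cves": set(), "unique": 0})
    for line in lines:
        by_feed = defaultdict(list)
        for hit in match_line(parse_line(line), indicators):
            by_feed[hit[2]].append(hit)
        for feed, feed_hits in by_feed.items():
            # One alert per feed per log line, classified by its most specific context
            category = min((h[3] for h in feed_hits), key=PRIORITY.__getitem__)
            stats[feed][category] += 1
            for h in feed_hits:
                stats[feed]["cves"].update(h[5])
            if len(by_feed) == 1:          # no other feed knew this indicator
                stats[feed]["unique"] += 1
    return dict(stats)


def rank_feeds(stats):
    """Feeds ordered by total alerts, then by alerts no other feed produced."""
    def total(s):
        return s["apt"] + s["exploit_kit"] + s["general"]
    return sorted(stats.items(), key=lambda kv: (-total(kv[1]), -kv[1]["unique"], kv[0]))


if __name__ == "__main__":
    for feed, s in rank_feeds(score_feeds()):
        print(f"{feed}: apt={s['apt']} exploit_kit={s['exploit_kit']} "
              f"general={s['general']} unique={s['unique']} cves={sorted(s['cves'])}")
```

A line is counted once per feed even when both its domain and its IP are on the same feed, so a feed cannot inflate its score by listing every representation of one indicator; a blocked connection still counts as an alert, since the point of the table is feed coverage rather than incident outcome.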
